Lee Cusenbary is the General Counsel at Mission Pharmacal Company in San Antonio. He is also the creator of Ethics Follies®, a musical parody that uses comedy to raise ethics issues. The fully-produced Broadway-style musical combines San Antonio's business leaders and professional actors to engage the community. It is featured each year by The Association of Corporate Counsel (ACC) for their ethics conference which benefits The Community Justice Program. Lee is also a frequent writer and speaker on why "good ethics is good for business," and is a recipient of the San Antonio Business Ethics Award. In 2012, ACC renamed their ethics awards the "Lee Cusenbary Ethical Life Award" in recognition of his commitment to ethics in law and business. Learn more about how you can be part of a more ethical culture at EthicsFollies.com.

Note: This is an mySA.com City Brights Blog. These blogs are not written or edited by mySA or the San Antonio Express-News. The authors are solely responsible for the content.

Just how bad is Facebook app privacy problem?

Sometimes, laws take a while to get put in place to protect consumers. One such needed regulation is a requirement to fully disclose the sale of private information to third parties by online social networks, like Facebook. While not illegal due to the vague disclosure one must click through before playing an app like Farmville, it’s certainly unethical if it’s not clear to consumers what is actually being done with their personal information. We focused on this issue in the recent Ethics Follies production and touch on it again in the ACC National Conference held in San Antonio next week. I’m curious whether you knew that the first time you played Farmville or another app on Facebook that your information and habits on Facebook were bundled and sold to a third party? If you fully appreciated that, you are further ahead than most of us online.

Helen Popkin tells it like it is in the following article which discusses a Wall Street Journal investigation (Thanks to Gary Chavez at CPS for posting this on Facebook, ironically).

“The information being transmitted is one of Facebook’s basic building blocks: the unique ‘Facebook ID’ number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with ‘everyone,’ including age, residence, occupation and photos.

“The apps reviewed by the Journal were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities.”

The WSJ Facebook’s 10 most popular applications are among those transmitting users’ IDs to outside companies. The report also highlights the ongoing problem of the “app gap” — Facebook users who don’t use applications are still at risk of having their personal information shared with third parties if they’re Facebook “friends” with people who do.

In other news, dog bites man.

Certainly, WSJ’s findings are not to be taken lightly. While Facebook and several of the applications involved claim the data collection was an unknown error, a spokesperson for the Electronic Frontier Foundation points out if the WSJ could find this information, why didn’t Facebook know about it?

Still, while sharing user information is a glaring violation of Facebook privacy rules, it’s hardly the Y2K of social networking. Or, considering the hysteria that surrounded that non-event, perhaps it is. Experts contend that the shared information — even that of Facebook app users who (thought) they had their profiles completely locked down, is more of a flaw of Internet life than an insidious plot.

In a Twitter debate Sunday night, author and journalism professor Jeff Jarvis and Business Insider’s Henry Blodget broke down several sides of the issue. Jarvis contended that the latest piece in WSJ’s series on online privacy represented the Rupert Murdoch-owned media’s “war against the Internet.”

Blodget pointed out that at the very least, the WSJ revealed the direct violation of Facebook’s app rules, which, he added “admittedly most folks couldn’t care less about.”

Any “business as usual” argument doesn’t wash with the Electronic Frontier Foundation. “If major companies violating privacy is business as usual, there is a serious problem,” said Kevin Bankston, senior staff attorney at the online privacy advocacy organization in a telephone interview. The WSJ report reveals “an egregious invasion of Facebook privacy,” he said. Applications are violating Facebook’s rules and “Facebook has no way of policing them, or is choosing not to. In the end, it’s Facebook responsibility. They invited people on to their site, it is their responsibility to safeguard user privacy.”

This isn’t the first Facebook privacy problem reported by the WSJ. In May, the WSJ reported that several social networks, including Facebook, sent identifiable profile information to advertisers without user consent. A lawsuit ensued.

Even if you’ve chosen never to play FarmVille, or other Facebook applications, your personal information may’ve been shared by those applications anyway. WSJ found that three of the top 10 apps, including FarmVille.

“What’s most troubling is that these advertisers are tracking your behavior,” said Bankston. “Apps help advertising companies track users and create a very sensitive dossier of your interests, all with the constant reassurance that your real identity is protected. By handing over Facebook user IDs, apps enable advertisers to tie your real name and identity, so these behavior advertising companies have detailed information about you, and now they have a real name to put to those logs.”

Facebook for its part seems to be taking this issue more seriously than privacy fails of the past. “This is an even more complicated technical challenge than a similar issue we successfully addressed last spring on Facebook.com, but one that we are committed to addressing,” a Facebook spokesperson told the WSJ.

Several of the smaller third-party applications found sharing user info were shut down over the weekend after the WSJ spoke to Facebook, though notably none from top money-maker Zynga, which makes FarmVille, Texas Holdem, and FrontierVille.